0 Replies Latest reply on May 30, 2013 10:38 AM by malcomtom

    Seam 2 problem with HTTP Authentication and multiple Hibernate sessions

    malcomtom

      Dear community,

       

      My Webappliction is providing rest searvices via Resteasy. At the moment

      I am doing authentication via Basic HTTP (over HTTPS).

       

      User authentication/authorization - data is in the same database as the reast of the application data.

      I defined an authentication filter and tqo hibernate sessions inside the "components.xml"

       

      ------------ snippet -------------------

         <security:identity authenticate-method="#{authmodule.authenticate}" remember-me="true"/>

         <web:authentication-filter url-pattern="/seam/resource/rest/*" auth-type="basic"/>

       

         <persistence:managed-hibernate-session

             name="rootSession" auto-create="true"

             session-factory="#{myhibernateSessionFactory}" />

       

                <persistence:managed-hibernate-session

              name="secpersistanceSession" auto-create="true"

              session-factory="#{myhibernateSessionFactory}" />

      --------------------------------------------------

       

      -------------------- Authmodule.java-------------------------

      @Name("authmodule")

      @Scope(ScopeType.APPLICATION)

      public class Authmodule

      {

       

          @In Identity identity;

          @In Credentials credentials;

       

       

          public boolean authenticate(){

                          String username = credentials.getUsername();

                          String password = credentials.getPassword();

                          .....

                                    search in Database  for user with username/password and

                                    return ture or false

                          ....

                }

      }

      -------------------------------------------------------------------

       

       

      The problem is now, that After Authmodule.authenticate is called and finished, a "destroy"-call of the two managed-hibernate-sessions

      is done. this closes the hibernate session and badly influences other working components, that are using the same hibernate sessions.

      this further causes a lot of exceptions (e.g. transactions can not be commited, because hibernate connection is closed)

       

      ------------- Stacktrace ---------------------

      CachedConnectionManager.unregisterConnection(ConnectionCacheListener, Object) line: 342
      TxConnectionManager$TxConnectionEventListener.connectionClosed(ConnectionEvent) line: 637
      LocalManagedConnection(BaseWrapperManagedConnection).closeHandle(WrappedConnection) line: 363
      WrappedConnectionJDK6(WrappedConnection).close() line: 155
      DatasourceConnectionProvider.closeConnection(Connection) line: 97
      ConnectionManager.closeConnection() line: 474
      ConnectionManager.cleanup() line: 408
      ConnectionManager.close() line: 347
      SessionImpl.close() line: 325
      FullTextSessionImpl.close() line: 281
      FullTextHibernateSessionProxy(HibernateSessionProxy).close() line: 85
      ManagedHibernateSession.close() line: 223
      ManagedHibernateSession.destroy() line: 177
      GeneratedMethodAccessor184.invoke(Object, Object[]) line: not available
      DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 43
      Method.invoke(Object, Object...) line: 601
      Reflections.invoke(Method, Object, Object...) line: 22
      Reflections.invokeAndWrap(Method, Object, Object...) line: 144
      Component.callComponentMethod(Object, Method, Object...) line: 2249
      Component.callDestroyMethod(Object) line: 2180
      Component.destroy(Object) line: 1469
      Contexts.destroy(Context) line: 251
      Contexts.flushAndDestroyContexts() line: 363
      ServletLifecycle.endRequest(HttpServletRequest) line: 64
      ResteasyResourceAdapter$1(ContextualHttpServletRequest).run() line: 56
      ResteasyResourceAdapter.getResource(HttpServletRequest, HttpServletResponse) line: 121
      SeamResourceServlet.service(HttpServletRequest, HttpServletResponse) line: 80
      SeamResourceServlet(HttpServlet).service(ServletRequest, ServletResponse) line: 803
      ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 290
      ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 206
      SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 83
      LoggingFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 60
      SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69
      AuthenticationFilter.processBasicAuth(HttpServletRequest, HttpServletResponse, FilterChain) line: 185
      AuthenticationFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 121
      SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69
      IdentityFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 40
      SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69
      MultipartFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 90
      SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69
      ExceptionFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 64
      SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69
      RedirectFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 45
      SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69
      ConfigurableXMLFilter(BaseXMLFilter).doXmlFilter(FilterChain, HttpServletRequest, HttpServletResponse) line: 178
      Filter(BaseFilter).handleRequest(HttpServletRequest, HttpServletResponse, FilterChain) line: 290
      Filter(BaseFilter).processUploadsAndHandleRequest(HttpServletRequest, HttpServletResponse, FilterChain) line: 368
      Filter(BaseFilter).doFilter(ServletRequest, ServletResponse, FilterChain) line: 495
      Ajax4jsfFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 56
      SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69
      SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 73
      SeamFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 158
      ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 235
      ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 206
      ReplyHeaderFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 96
      ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 235
      ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 206
      StandardWrapperValve.invoke(Request, Response) line: 230
      StandardContextValve.invoke(Request, Response) line: 175
      SecurityAssociationValve.invoke(Request, Response) line: 182
      NonLoginAuthenticator(AuthenticatorBase).invoke(Request, Response) line: 432

      -----------------------------------------------------

       

      Contexts.destroy(Context)line:251 shows a variable ServerConversationContext.additions, thats HashMap with {secpersistanceSession=ManagedHibernateSession, rootSession=ManagedHibernateSession)}

       

      Is there any good approache how i could solve this tricky problem that the ManagedHibernateSession are not closed?

       

      i am using Seam 2.2.0

       

      I am looking foward for any hint. thanking you in advance

       

      best regards

       

      malcom